CVE-2021-24424: 
WordPress vulnerability analysis and mitigation

The WP Reset WordPress plugin before version 1.90 contained a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24424. The vulnerability was discovered in the plugin's snapshot creation functionality within the admin dashboard, where the extra_data parameter was not properly sanitized or escaped (WPScan).

The vulnerability is classified as an authenticated stored Cross-Site Scripting (XSS) issue with a CVSS score of 4.8 (medium severity). The vulnerability exists in the snapshot creation feature accessible through the admin dashboard. The technical exploit involves the extra_data parameter in the URL endpoint admin-ajax.php when creating a snapshot, which fails to properly sanitize user input (WPScan).

When successfully exploited, this vulnerability allows authenticated users to inject and store malicious JavaScript code that executes when other users view the affected pages. This could lead to session hijacking, credential theft, or other client-side attacks against WordPress administrators and users (WPScan).

The vulnerability was fixed in WP Reset version 1.90. Users are advised to update to this version or later to protect against this security issue. No alternative workarounds were published (WPScan).